$js = "";
if ($use_popup_windows)
$js .= get_js_open_window(900, 500);
-page(_("Inventory Item Cost Update"), false, false, "", $js);
+page(_($help_context = "Inventory Item Cost Update"), false, false, "", $js);
//--------------------------------------------------------------------------------------
$sql = "SELECT description, units, material_cost, labour_cost,
overhead_cost, mb_flag
FROM ".TB_PREF."stock_master
- WHERE stock_id='" . $_POST['stock_id'] . "'
+ WHERE stock_id=".db_escape($_POST['stock_id']) . "
GROUP BY description, units, material_cost, labour_cost, overhead_cost, mb_flag";
$result = db_query($sql);
check_db_error("The cost details for the item could not be retrieved", $sql);
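Review bot: The new WHERE line drops the literal single quotes around the value and relies on `db_escape()` to return an already-quoted, escaped literal. That helper's definition is not visible here; if it only escaped without quoting, the value would reach the query unquoted and escaping alone would not contain it, so the contract deserves a short comment above the query such as `// db_escape() returns a quoted SQL literal; do not add quotes here`. `$_POST['stock_id']` is still read without a presence or type check, so a request that omits the field or sends it as an array reaches `db_escape()` as-is. A guard before the query is built, for example `if (!isset($_POST['stock_id']) || !is_string($_POST['stock_id']))` followed by an early error, would make the expected input explicit. The enclosing code starts and ends outside the visible lines, so the field may already be defaulted earlier.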